1. Field of the Invention
The present invention relates to an authentication method for use in an agent system that moves on a network autonomically.
2. Description of the Related Art
Conventionally, various authentication technologies have been developed as methods of security protection.
For example, the remote procedure call (RPC) facility widely used in UNIX-based distributed systems provides a user authentication function such as the one shown in FIG. 1.
Before communication begins, client A and server B share a common key Kab, used for DES (Data Encryption Standard) encryption, in accordance with the DH (Diffie-Hellman) public key distribution system as shown in FIG. 1. More specifically, client A generates the common key Kab from server B's published public key Kb' and client A's own private key Ka, and server B generates the same common key Kab from client A's published public key Ka' and server B's own private key Kb.
Client A generates a character string (net name) representing the sender, generates a session key K (random number), and DES-encrypts (Fe) the timestamp T using the generated session key K.
In addition, client A DES-encrypts (Fe) the session key K using the common key Kab and sends the net name, the encrypted session key K, and the encrypted timestamp T to server B as authentication information.
Server B DES-decrypts (Fd) the encrypted session key K included in the received authentication information using the common key Kab and then DES-decrypts (Fd) the encrypted timestamp T using the recovered session key K. Server B compares the decrypted timestamp T with the current time of day: it allows access by the net name if the difference is within an allowable range and rejects access if the difference is outside that range.
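The FIG. 1 exchange worked through end to end, as an added example that is not part of the patent text: both sides derive Kab over a toy Diffie-Hellman group, and a SHA-256 XOR keystream stands in for DES Fe/Fd. The parameters P and G, the 8-byte key and timestamp sizes, and the 300-second allowable range are assumptions made for the example.

```python
import hashlib
import os

# Toy DH parameters (constructed for this example; far too small for real use).
P = 2**61 - 1  # Mersenne prime
G = 3
ALLOWED_SKEW = 300  # seconds; assumed allowable range for |T - now|

def keypair():
    """Private key (Ka or Kb) and the published public key (Ka' or Kb')."""
    priv = int.from_bytes(os.urandom(7), "big") + 1
    return priv, pow(G, priv, P)

def common_key(my_private, their_public):
    """Common key Kab: both sides compute the same DH value, hashed to 8 bytes."""
    shared = pow(their_public, my_private, P).to_bytes(8, "big")
    return hashlib.sha256(b"Kab" + shared).digest()[:8]

def fe(key, data):
    """Stand-in for DES Fe: XOR with a SHA-256 keystream (not DES, demo only).
    Fd is the same operation because XOR is its own inverse."""
    stream = hashlib.sha256(b"keystream" + key).digest()
    return bytes(d ^ s for d, s in zip(data, stream))

fd = fe

def client_build_auth(net_name, kab, now):
    """Client A: generate session key K, send net name, E_Kab(K), E_K(T)."""
    k = os.urandom(8)
    return {"net_name": net_name, "enc_k": fe(kab, k),
            "enc_t": fe(k, now.to_bytes(8, "big"))}

def server_verify(auth, kab, now):
    """Server B: recover K with Kab, recover T with K, check |T - now|."""
    k = fd(kab, auth["enc_k"])
    t = int.from_bytes(fd(k, auth["enc_t"]), "big")
    return abs(now - t) <= ALLOWED_SKEW

def run_exchange(client_now, server_now):
    """Whole exchange of FIG. 1; returns (net name, accepted?)."""
    ka, ka_pub = keypair()  # client A: Ka, Ka'
    kb, kb_pub = keypair()  # server B: Kb, Kb'
    kab_client = common_key(ka, kb_pub)
    kab_server = common_key(kb, ka_pub)
    auth = client_build_auth("clientA", kab_client, client_now)
    return auth["net_name"], server_verify(auth, kab_server, server_now)
```

Note that the server's only check is the timestamp window: authentication information captured and replayed within that window is accepted, since the server keeps no record of timestamps or session keys it has already seen.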
An agent that moves on the network autonomically, a so-called mobile agent, is a software product that moves on the network. It moves to a location where the necessary resources are available, selects an action according to changes in its environment, and operates autonomically to achieve its objective. A mobile agent of this kind is used in distributed systems. For example, an agent processing module, programmed according to a user's requirement, leaves the user's computer, moves among a plurality of distributed servers on the network according to its own judgment to collect the information the user wants, and returns to the user's computer.
When the conventional authentication method described above is applied to such an autonomically moving agent, it is usually the destination server that authenticates the visiting agent. That is, the destination server verifies the authentication information brought by the agent; the agent can execute processing on the server if it is authenticated, and cannot if it is not.
For the agent to authenticate the destination server in turn, the server must first perform the authentication processing described above and then decrypt the agent's processing module, after which the decrypted processing module of the agent authenticates the server. In this case, if the server is malicious, the decrypted processing module of the agent is defenseless, and the contents of the processing module are exposed to analysis and alteration.
In addition, when the agent authenticates the destination server, the server must pass its authentication information to the agent. If the agent is malicious, illegal processing such as illegal access or a destructive action may be inserted into the server's authentication processing part.
Furthermore, if the server's authentication processing for the agent and the agent's authentication processing for the server are executed separately and serially, the processing time and the load increase.